Ransomware Research
WannaCash Ransomware
WannaCash is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2019, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: WannaCash NextGen, WannaCash 2.0.
Quick Facts
- Ransomware Family
- WannaCash
- First Seen
- March 1, 2019
- Known Aliases
- WannaCash NextGenWannaCash 2.0
How WannaCash Ransomware Works
File Encryption Patterns
WannaCash modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..wannacash..punisher..happy new yearPrefixes added to encrypted files:
encrypted(Файл зашифрованRansom Note and Payment Demands
After encrypting files, WannaCash displays ransom notes demanding payment for file recovery:
как расшифровать файлы.txtRansom message:
notes/как расшифровать файлы.txt
Note locations:
UserFoldersTempContribution.txtRansom message:
notes/Contribution.txt
Contribution.txtTechnical Indicators
Associated Executable Files
The following executable files are associated with WannaCash ransomware:
Ключи_активации_на_365.exeКлючи активации на 365.exeКлючи активации на 365 дней.exeКлючи активации на 365 дней-2010.exedobrohostsss.exeeset keys [до 06.06.2020].exeegui.exeEGUIS.EXEКлючи для ESET[all versions] на 365 дней.exeESETNOD.exeegui.exe, eguis_upx.exeКлючи активации на год_.exe
Elastio Can Help You
Don't let WannaCash ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This WannaCash ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WannaCash.
Last updated: October 30, 2025
Recent Ransomware
Explore other threats in our database